<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>GeoIP Processor | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'geoip-processor.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/geoip-processor.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/geoip-processor.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/geoip-processor.html" rel="nofollow" target="_blank">../en/geoip-processor.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="ingest.html">Ingest node</a></span>
»
<span class="breadcrumb-link"><a href="ingest-processors.html">Processors</a></span>
»
<span class="breadcrumb-node">GeoIP Processor</span>
</div>
<div class="navheader">
<span class="prev">
<a href="foreach-processor.html">« Foreach Processor</a>
</span>
<span class="next">
<a href="grok-processor.html">Grok Processor »</a>
</span>
</div>
<div class="section">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="geoip-processor"></a>GeoIP Processor<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ingest/processors/geoip.asciidoc">edit</a>
</h2>
</div></div></div>
<p>The <code class="literal">geoip</code> processor adds information about the geographical location of IP addresses, based on data from the Maxmind databases.
This processor adds this information by default under the <code class="literal">geoip</code> field. The <code class="literal">geoip</code> processor can resolve both IPv4 and
IPv6 addresses.</p>
<p>The <code class="literal">ingest-geoip</code> module ships by default with the GeoLite2 City, GeoLite2 Country and GeoLite2 ASN geoip2 databases from Maxmind made available
under the CCA-ShareAlike 4.0 license. For more details see, <a href="http://dev.maxmind.com/geoip/geoip2/geolite2/" class="ulink" target="_top">http://dev.maxmind.com/geoip/geoip2/geolite2/</a></p>
<p>The <code class="literal">geoip</code> processor can run with other GeoIP2 databases from Maxmind. The files must be copied into the <code class="literal">ingest-geoip</code> config directory,
and the <code class="literal">database_file</code> option should be used to specify the filename of the custom database. Custom database files must be stored
uncompressed. The <code class="literal">ingest-geoip</code> config directory is located at <code class="literal">$ES_CONFIG/ingest-geoip</code>.</p>
<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="using-ingest-geoip"></a>Using the <code class="literal">geoip</code> Processor in a Pipeline<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ingest/processors/geoip.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="table">
<a id="ingest-geoip-options"></a>
<p class="title"><strong>Table 47. <code class="literal">geoip</code> options</strong></p>
<div class="table-contents">
<table border="1" cellpadding="4px" summary="geoip options">
<colgroup>
<col class="col_1">
<col class="col_2">
<col class="col_3">
<col class="col_4">
</colgroup>
<thead>
<tr>
<th align="left" valign="top">Name</th>
<th align="left" valign="top">Required</th>
<th align="left" valign="top">Default</th>
<th align="left" valign="top">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left" valign="top"><p><code class="literal">field</code></p></td>
<td align="left" valign="top"><p>yes</p></td>
<td align="left" valign="top"><p>-</p></td>
<td align="left" valign="top"><p>The field to get the ip address from for the geographical lookup.</p></td>
</tr>
<tr>
<td align="left" valign="top"><p><code class="literal">target_field</code></p></td>
<td align="left" valign="top"><p>no</p></td>
<td align="left" valign="top"><p>geoip</p></td>
<td align="left" valign="top"><p>The field that will hold the geographical information looked up from the Maxmind database.</p></td>
</tr>
<tr>
<td align="left" valign="top"><p><code class="literal">database_file</code></p></td>
<td align="left" valign="top"><p>no</p></td>
<td align="left" valign="top"><p>GeoLite2-City.mmdb</p></td>
<td align="left" valign="top"><p>The database filename in the geoip config directory. The ingest-geoip module ships with the GeoLite2-City.mmdb, GeoLite2-Country.mmdb and GeoLite2-ASN.mmdb files.</p></td>
</tr>
<tr>
<td align="left" valign="top"><p><code class="literal">properties</code></p></td>
<td align="left" valign="top"><p>no</p></td>
<td align="left" valign="top"><p>[<code class="literal">continent_name</code>, <code class="literal">country_iso_code</code>, <code class="literal">region_iso_code</code>, <code class="literal">region_name</code>, <code class="literal">city_name</code>, <code class="literal">location</code>] *</p></td>
<td align="left" valign="top"><p>Controls what properties are added to the <code class="literal">target_field</code> based on the geoip lookup.</p></td>
</tr>
<tr>
<td align="left" valign="top"><p><code class="literal">ignore_missing</code></p></td>
<td align="left" valign="top"><p>no</p></td>
<td align="left" valign="top"><p><code class="literal">false</code></p></td>
<td align="left" valign="top"><p>If <code class="literal">true</code> and <code class="literal">field</code> does not exist, the processor quietly exits without modifying the document</p></td>
</tr>
<tr>
<td align="left" valign="top"><p><code class="literal">first_only</code></p></td>
<td align="left" valign="top"><p>no</p></td>
<td align="left" valign="top"><p><code class="literal">true</code></p></td>
<td align="left" valign="top"><p>If <code class="literal">true</code> only first found geoip data will be returned, even if <code class="literal">field</code> contains array</p></td>
</tr>
</tbody>
</table>
</div>
</div>
<p>*Depends on what is available in <code class="literal">database_file</code>:</p>
<div class="ulist itemizedlist">
<ul class="itemizedlist">
<li class="listitem">
If the GeoLite2 City database is used, then the following fields may be added under the <code class="literal">target_field</code>: <code class="literal">ip</code>,
<code class="literal">country_iso_code</code>, <code class="literal">country_name</code>, <code class="literal">continent_name</code>, <code class="literal">region_iso_code</code>, <code class="literal">region_name</code>, <code class="literal">city_name</code>, <code class="literal">timezone</code>, <code class="literal">latitude</code>, <code class="literal">longitude</code>
and <code class="literal">location</code>. The fields actually added depend on what has been found and which properties were configured in <code class="literal">properties</code>.
</li>
<li class="listitem">
If the GeoLite2 Country database is used, then the following fields may be added under the <code class="literal">target_field</code>: <code class="literal">ip</code>,
<code class="literal">country_iso_code</code>, <code class="literal">country_name</code> and <code class="literal">continent_name</code>. The fields actually added depend on what has been found and which properties
were configured in <code class="literal">properties</code>.
</li>
<li class="listitem">
If the GeoLite2 ASN database is used, then the following fields may be added under the <code class="literal">target_field</code>: <code class="literal">ip</code>,
<code class="literal">asn</code>, and <code class="literal">organization_name</code>. The fields actually added depend on what has been found and which properties were configured
in <code class="literal">properties</code>.
</li>
</ul>
</div>
<p>Here is an example that uses the default city database and adds the geographical information to the <code class="literal">geoip</code> field based on the <code class="literal">ip</code> field:</p>
<div class="pre_wrapper lang-console">
<pre class="programlisting prettyprint lang-console">PUT _ingest/pipeline/geoip
{
  "description" : "Add geoip info",
  "processors" : [
    {
      "geoip" : {
        "field" : "ip"
      }
    }
  ]
}
PUT my_index/_doc/my_id?pipeline=geoip
{
  "ip": "8.8.8.8"
}
GET my_index/_doc/my_id</pre>
</div>
<div class="console_widget" data-snippet="snippets/1087.console"></div>
<p>Which returns:</p>
<div class="pre_wrapper lang-console-result">
<pre class="programlisting prettyprint lang-console-result">{
  "found": true,
  "_index": "my_index",
  "_type": "_doc",
  "_id": "my_id",
  "_version": 1,
  "_seq_no": 55,
  "_primary_term": 1,
  "_source": {
    "ip": "8.8.8.8",
    "geoip": {
      "continent_name": "North America",
      "country_iso_code": "US",
      "location": { "lat": 37.751, "lon": -97.822 }
    }
  }
}</pre>
</div>
<p>Here is an example that uses the default country database and adds the
geographical information to the <code class="literal">geo</code> field based on the <code class="literal">ip</code> field`. Note that
this database is included in the module. So this:</p>
<div class="pre_wrapper lang-console">
<pre class="programlisting prettyprint lang-console">PUT _ingest/pipeline/geoip
{
  "description" : "Add geoip info",
  "processors" : [
    {
      "geoip" : {
        "field" : "ip",
        "target_field" : "geo",
        "database_file" : "GeoLite2-Country.mmdb"
      }
    }
  ]
}
PUT my_index/_doc/my_id?pipeline=geoip
{
  "ip": "8.8.8.8"
}
GET my_index/_doc/my_id</pre>
</div>
<div class="console_widget" data-snippet="snippets/1088.console"></div>
<p>returns this:</p>
<div class="pre_wrapper lang-console-result">
<pre class="programlisting prettyprint lang-console-result">{
  "found": true,
  "_index": "my_index",
  "_type": "_doc",
  "_id": "my_id",
  "_version": 1,
  "_seq_no": 65,
  "_primary_term": 1,
  "_source": {
    "ip": "8.8.8.8",
    "geo": {
      "continent_name": "North America",
      "country_iso_code": "US",
    }
  }
}</pre>
</div>
<p>Not all IP addresses find geo information from the database, When this
occurs, no <code class="literal">target_field</code> is inserted into the document.</p>
<p>Here is an example of what documents will be indexed as when information for "80.231.5.0"
cannot be found:</p>
<div class="pre_wrapper lang-console">
<pre class="programlisting prettyprint lang-console">PUT _ingest/pipeline/geoip
{
  "description" : "Add geoip info",
  "processors" : [
    {
      "geoip" : {
        "field" : "ip"
      }
    }
  ]
}

PUT my_index/_doc/my_id?pipeline=geoip
{
  "ip": "80.231.5.0"
}

GET my_index/_doc/my_id</pre>
</div>
<div class="console_widget" data-snippet="snippets/1089.console"></div>
<p>Which returns:</p>
<div class="pre_wrapper lang-console-result">
<pre class="programlisting prettyprint lang-console-result">{
  "_index" : "my_index",
  "_type" : "_doc",
  "_id" : "my_id",
  "_version" : 1,
  "_seq_no" : 71,
  "_primary_term": 1,
  "found" : true,
  "_source" : {
    "ip" : "80.231.5.0"
  }
}</pre>
</div>
<div class="section">
<div class="titlepage"><div><div>
<h4 class="title">
<a id="ingest-geoip-mappings-note"></a>Recognizing Location as a Geopoint<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ingest/processors/geoip.asciidoc">edit</a>
</h4>
</div></div></div>
<p>Although this processor enriches your document with a <code class="literal">location</code> field containing
the estimated latitude and longitude of the IP address, this field will not be
indexed as a <a href="geo-point.html" class="ulink" target="_top"><code class="literal">geo_point</code></a> type in Elasticsearch without explicitly defining it
as such in the mapping.</p>
<p>You can use the following mapping for the example index above:</p>
<div class="pre_wrapper lang-console">
<pre class="programlisting prettyprint lang-console">PUT my_ip_locations
{
  "mappings": {
    "properties": {
      "geoip": {
        "properties": {
          "location": { "type": "geo_point" }
        }
      }
    }
  }
}</pre>
</div>
<div class="console_widget" data-snippet="snippets/1090.console"></div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h4 class="title">
<a id="ingest-geoip-settings"></a>Node Settings<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ingest/processors/geoip.asciidoc">edit</a>
</h4>
</div></div></div>
<p>The <code class="literal">geoip</code> processor supports the following setting:</p>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">ingest.geoip.cache_size</code>
</span>
</dt>
<dd>
The maximum number of results that should be cached. Defaults to <code class="literal">1000</code>.
</dd>
</dl>
</div>
<p>Note that these settings are node settings and apply to all <code class="literal">geoip</code> processors, i.e. there is one cache for all defined <code class="literal">geoip</code> processors.</p>
</div>

</div>

</div>
<div class="navfooter">
<span class="prev">
<a href="foreach-processor.html">« Foreach Processor</a>
</span>
<span class="next">
<a href="grok-processor.html">Grok Processor »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>